
Some more Data Breaches of 2016, 2017, & 2018


#1

From a networking blog I subscribe to, here are 10 breaches that seem to have occurred in 2016, plus one that was only reported in 2016, and it isn’t Yahoo.

i-Dressup 2.2 million accounts stolen

DLH.Net 3.3 million accounts stolen

Leet 5 million accounts stolen

ClixSense 6.6 million accounts stolen

Lifeboat 7 million accounts stolen

Dailymotion 18 million accounts stolen

Mail.ru 25 million accounts stolen

Weebly 43 million accounts stolen

VerticalScope 45 million accounts stolen

FriendFinder Networks 412 million accounts stolen (this consisted of 20 years' worth of accounts) and included data from AdultFriendFinder & Penthouse.com among 5 others

and Myspace had 427 million accounts stolen earlier but it was disclosed in 2016.

Perhaps this might encourage us all to be more careful with whom we trust our private data and how much we provide of it.


31 Jan 2017

Just a small and hopefully useful update. If you would like to check if your data (it checks against your email address) has been hacked by data breaches, there is a free site where you can check against many of the worldwide hacks. Go to:

You can also subscribe to this site to be informed if in future your email address is stolen in a data breach.

And on the same site have a look at this list of data breached sites:


#2

That list details a staggering total of 994.1 Million accounts’ information stolen in 2016. PLUS all the others that have not been publicised yet.


#4

Thanks @grahroll. I can breathe a sigh of relief now that I have checked.

Much appreciated once again.


#5

For your information, I just received this email from Change.org about another exposure, this time at Cloudflare.

"We wanted to share some information we received recently from Cloudflare, a popular web services provider that we use at Change.org, about a security issue that may have exposed the personal information of some users who utilize their services. We have received confirmation from Cloudflare that there is no evidence that Change.org has been directly affected by this issue. However, when issues like this occur, it’s always a good idea to change your password to provide an extra level of security, which you can do at the link below:

We want you to feel safe when using our services and we have been monitoring this situation closely to ensure it does not affect our users. If you are ever in doubt about the security of your accounts with us, feel free to contact Change.org directly through our Help Center.

The Change.org Team"


#6

Two new lists of data breaches have been posted on “Have I been pwned”; see the link https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned/ for details, but broadly this is it:

"In late 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Exploit.In”. The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for “credential stuffing”, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned. "

If you aren’t listed for contact on https://haveibeenpwned.com/ I recommend you sign up and check your email addresses there. If you appear on any of the latest lists then I also recommend you visit your important sites and change your passwords, and maybe think about getting a password manager if you don’t have one.


#7

A new list on “Have I been pwned” has been released with around 711 Million email addresses from a Spambot that was listed August 2017. To read more about it see a blog post by Troy Hunt (operator of Have I been pwned) https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/

If you want to check (and I do recommend you do check) if your email address/es was/were affected you can use the HIBP site to check https://haveibeenpwned.com/


#8

Another largish list of user details has been located on the Web and HaveIbeenpwned has listed those affected. The number of accounts is around 111,000,000. The name given to the breach is “Pemiblanc”.

To read more about how this breach/list was used by nefarious people see

To check if you may have been affected, if you don’t use or haven’t used HaveIbeenpwned before, go to https://haveibeenpwned.com/ and put your email address/es into the search box near the top of the page and see if you get any results. Hopefully you don’t, but if you do, you are at least aware of possible problems and can take any needed actions, if not already done by you, to protect your account/s.


#9

The teen is alleged to have downloaded 90 gigabytes of secure files and accessed customer accounts without exposing his identity, the paper said.

A 16yo from Melbourne. Only 90 Gigs of data - clearly had slow NBN :wink:

Thankfully no customer data was compromised in the hack - of course not, it was probably taken in perfect condition !!!


#10

Obviously the data was compromised, as you point out so well :-). If someone downloaded it and accessed customer accounts, that is compromised, as both you and I and probably a whole slew of others know. What Apple is doing is to placate the people who don’t know and who also help keep the business ticking over by buying products from Apple. While Apple know about this data hack now, how many others might yet remain unknown/undiscovered? This is not just an issue affecting Apple, as can be seen from the listings above of other hacked sites and businesses. If a 16-year-old attempted it & succeeded, you can almost certainly say that it was done by others and more successfully, as Apple haven’t found it yet.

What at least our laws are trying to do a bit more successfully is give users of any service more timely knowledge of attacks/hacks so that we can take some action sooner rather than being informed years after the attacks.

Like you I ignore the spin and look to the reality.